Number of DDoS Attacks Significantly Declines After Shutdown of Webstresser.org

Closure of the cybercrime platform is a major milestone, but reason for concern remains. Many companies remain deceived in thinking themselves secure.

One of the main marketplaces for DDoS attacks was taken down from the net on 24 April 2018. In the short period of time since that date, the Link11 Security Operation Center (LSOC) has seen a roughly 60% decline in DDoS attacks on targets in Europe. The general threat level posed by DDoS attacks remains high, however.

The action taken by investigative authorities to take down the DDoS marketplace Webstresser.org has demonstrated that DDoS attacks are ordered and purchased every day, as Europol stated in a press release on April 24, 2017. The LSOC has registered significantly fewer DDoS attacks since the arrest of the suspected platform administrators, down 64% from the peak number recorded. The LSOC, which monitors DDoS attack activity on the internet 24/7, has registered lower attack activity, especially on April 25 and 26, presumably due to elimination of the source.

According to Europol, the DDoS marketplace Webstresser.org alone was behind more than 4 million attacks in the month of April 2018, commissioned by more than 136,000 registered users.

Onur Cengiz, Head of the Link11 Security Operation Center, commented:

"Shutting down Webstresser.org was a massive strike against cybercrime. But even so, the number of attacks will only decrease temporarily. Experience has shown in recent years that for every DDoS attack marketplace taken out, multiple new platforms will pop up like the heads of a hydra."

DDoS attacks are a universal threat to corporate IT

The number of DDoS attacks, readily available DDoS attack tools and marketplaces offering ‘DDoS for hire’ has been steadily increasing over a number of years. Between January and December 2017 the LSOC registered over 70,000 attacks on customers in the Link11 network. DDoS protection experts say 2018 will see even more DDoS attacks than in previous years. Rapidly proliferating IoT botnets and high-volume attacks like Memcached Reflection, which emerged in late February 2018, mean that most businesses will be even more unsure of their exposure to DDoS threats.

Proactively managing DDoS risk

Link11 General Manager Marc Wilczek has warned that too few companies are aware of the DDoS attack risk their IT systems are exposed to:

"Ignoring the threat of a DDoS attack is taking chances with your company’s IT security. It is economically prudent to take steps to address attack risk as part of a pro-active IT security strategy."

It is thus essential to conduct an accurate risk-benefit analysis, stress-test existing systems on a regular basis and raise awareness of the issue among employees and keep them updated on the latest developments.

The Link11 Security Blog regularly reports on new attack forms and attack trends, and issues alerts given indications of an acute DDoS threat. The latest Link11 DDoS Report for Central Europe is available as a free download on the Link11 website.